
Move l3 protocol and daddr extraction to util.rs and convert ipv4 address to host order from be

niels 2 years ago
parent
commit
753147e8d5
3 changed files with 21 additions and 35 deletions
  1. 3 25
      responder-ebpf/src/bin/icmp.rs
  2. 2 10
      responder-ebpf/src/bin/syn.rs
  3. 16 0
      responder-ebpf/src/util.rs

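--- a/responder-ebpf/src/bin/icmp.rs
+++ b/responder-ebpf/src/bin/icmp.rs
@@ -66,40 +66,18 @@ unsafe fn matches_filter(daddr: IpAddr) -> bool {
 fn try_responder(ctx: XdpContext) -> Result<xdp_action::Type, xdp_action::Type> {
     let mut hdr_cursor = 0usize;
 
-    // let eth = parse_ethhdr(&ctx, &mut hdr_cursor).ok_or(xdp_action::XDP_PASS)?;
-    // let protocol = unsafe { u16::from_be((*eth).h_proto) };
-
-    // if protocol != ETH_P_IP {
-    //     return Ok(xdp_action::XDP_PASS);
-    // }
-
-    // let ip = parse_ipv4hdr(&ctx, &mut hdr_cursor).ok_or(xdp_action::XDP_PASS)?;
-    //
-
     let (eth, ip) = unsafe {
         parse_routing(&ctx, &mut hdr_cursor)
             .ok_or(xdp_action::XDP_PASS)?
     };
 
-    let (protocol, daddr) = match ip {
-        Layer3::Ipv4(ip) => unsafe { (
-            (*ip).protocol,
-            IpAddr::V4((*ip).daddr)
-        ) },
-        Layer3::Ipv6(ip) => unsafe {(
-            (*ip).nexthdr,
-             IpAddr::V6((*ip).daddr)
-        ) }
-    };
-
+    let protocol = unsafe { l3_get_protocol(&ip) };
+    let daddr = unsafe { l3_get_daddr(&ip) };
 
     if is_local(daddr) {
-        // info!(&ctx, "local: pass");
-        return Ok(xdp_action::XDP_PASS);
+        return Ok(xdp_action::XDP_PASS); // Pass normal loopback traffic to not disturb host
     }
 
-    info!(&ctx, "received a packet");
-    info!(&ctx,"Received eth with proto: {}", protocol);
     info!(&ctx, "Received ip with proto: {}", protocol);
     match daddr {
         IpAddr::V4(ip) => info!(&ctx, "daddr: {:ipv4}", ip),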
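Review bot: `is_local(daddr)` and `matches_filter(daddr)` now receive the IPv4 address in host order in this file, whereas the removed tuple passed `(*ip).daddr` straight from the header, i.e. in network order. Both functions are defined outside this hunk, so whatever constants or map keys they compare against must be host order as well; otherwise the pass/respond decision is made on a byte-swapped address. A comment at the call site would pin this down, e.g. `// IPv4 daddr is host order here (util::l3_get_daddr); is_local/matches_filter compare in host order`. The two new `unsafe` blocks (and the identical pair in syn.rs) also lack a `// SAFETY:` line naming the bounds check in `parse_routing` that makes the pointer dereference sound. The body of `try_responder` continues past the end of the hunk.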

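--- a/responder-ebpf/src/bin/syn.rs
+++ b/responder-ebpf/src/bin/syn.rs
@@ -71,16 +71,8 @@ fn try_responder(ctx: XdpContext) -> Result<xdp_action::Type, xdp_action::Type>
             .ok_or(xdp_action::XDP_PASS)?
     };
 
-    let (protocol, daddr) = match ip {
-        Layer3::Ipv4(ip) => unsafe { (
-            (*ip).protocol,
-            IpAddr::V4(u32::from_be((*ip).daddr))
-        ) },
-        Layer3::Ipv6(ip) => unsafe {(
-            (*ip).nexthdr,
-             IpAddr::V6((*ip).daddr)
-        ) }
-    };
+    let protocol = unsafe { l3_get_protocol(&ip) };
+    let daddr = unsafe { l3_get_daddr(&ip) };
 
     if is_local(daddr) {
         // info!(&ctx, "local: pass");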

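--- a/responder-ebpf/src/util.rs
+++ b/responder-ebpf/src/util.rs
@@ -75,6 +75,22 @@ pub unsafe fn parse_routing(ctx: &XdpContext, cursor: &mut usize) -> Option<(*mu
     return None;
 }
 
+#[inline(always)]
+pub unsafe fn l3_get_protocol(l3: &Layer3) -> u8 {
+    return match l3 {
+        Layer3::Ipv4(ip) => (**ip).protocol,
+        Layer3::Ipv6(ip) => (**ip).nexthdr,
+    }
+}
+
+#[inline(always)]
+pub unsafe fn l3_get_daddr(l3: &Layer3) -> IpAddr {
+    return match l3 {
+        Layer3::Ipv4(ip) => IpAddr::V4(u32::from_be((**ip).daddr)),
+        Layer3::Ipv6(ip) => IpAddr::V6((**ip).daddr),
+    }
+}
+
 #[inline(always)]
 pub unsafe fn bounce_eth(_ctx: &XdpContext, eth: *mut ethhdr) {
     (*eth).h_dest = (*eth).h_source;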
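Review bot: `l3_get_protocol` and `l3_get_daddr` are `pub unsafe fn`s that dereference the raw header pointer held in `Layer3`, but neither has a `# Safety` section saying what the caller must guarantee. I would add a doc comment to each along the lines of `/// # Safety` followed by `/// The pointer in l3 must come from parse_routing on the current packet and still be within its bounds.` The doc on `l3_get_daddr` should also state the asymmetry visible in its two arms: the IPv4 address is converted to host order with `u32::from_be`, while the IPv6 `daddr` is returned as stored in the header. For `l3_get_protocol`, note that the IPv6 arm returns `nexthdr`, which is only the first next-header value, so a packet with extension headers does not report its transport protocol here and filter code should not treat it as such. As a style point, `return match … }` can be the bare `match` expression.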